ABSTRACT Small and medium enterprises(SMEs) are gradually believing that information is an asset and like any other asset it needs to be strategically managed and protected. In most of the SMEs developing a strategy and then implementing the security measures are avoided or are considered as redundant. So in most of the cases it leaves loop holes in Information Security which result into threats and financial loss in the future. To improve security in a SME Purser’s proactive approach, with a little modification, is especially helpful. In this approach the process of preparing the strategy is explained in eight steps